null Bangalore
THE DARK ARTS OF SOCIAL ENGINEERING
PRIMARY INFORMATION
• Name: Nutan Kumar Panda aka @TheOsintGuy
• Job Profile: Information Security Engineer
• Github Profile: https://github.com/nkpanda
• Co-author: Hacking Web Intelligence
• Hobbies: Riding bike, Playing keyboard, Watching Movies
BLACK LIST AGENDA
• Phishing
• Vishing
• Pretexting
• Shoulder Surfing
• Dumpster diving
• Spamming
• Hacking Gmail/Facebook/WhatsApp accounts
THE STORY BEHIND THIS PRESENTATION
WHAT IS SOCIAL ENGINEERING?
WHO ARE SOCIAL ENGINEERS?
WHY SOCIAL ENGINEERING?
WHERE IS IT WIDELY USED?
Social Engineering
• Espionage
• Doxing
• Scam
BASIC EXAMPLE
THE NEXT LEVEL
3 STEPS OF SOCIAL ENGINEERING
• Create Layout
• Profile
• Attack
HOW TO CREATE A LAYOUT
POINTERS TO CREATE LAYOUT
• Name: Peek You, Lullar, iSearch, Pipl, 123 People, Spokeo
• Usernames and images: Check Usernames, KnowEm, Tineye, Google reverse image search
• Keyword: Social Mention, Omgili, Board Reader
THE PLAN B
Mr X: Children, Relative, Assistant, Colleague, Legal advisor, Wife, GF
PROFILING
http://freemind.sourceforge.net/wiki/index.php/Main_Page
OLD SCHOOL STYLE
Vulnerable / Stupid Victim
• Has no idea of your intentions
• Is a remote target
• Has little knowledge of computers and a bit of trust in you
Trust
• Chatting with them regularly for at least 3 weeks - 9
• Giving them something of value to them - 10
• Making fun of someone together - 4
• Being a member of an online group, page, forum - 8
• Sharing common interests - 8
• Helping them with problems - 9
Trust Points
• About 20: you are good to attack
ATTACK
ESPIONAGE
DOX
SCAM
https://www.youtube.com/watch?v=_dj_90TnVbo
http://indianexpress.com/article/entertainment/bollywood/actor-karan-singh-grover-falls-prey-to-nigerian-online-lottery-scam/
INTERESTING POINTERS
• https://www.trustwave.com/Resources/SpiderLabs-Blog/Hacking-a-Reporter--Writing-Malware-For-Fun-and-Profit-(Part-1-of-3)/
• https://www.trustwave.com/Resources/SpiderLabs-Blog/Hacking-a-Reporter--UK-Edition/?page=1&year=0&month=0
• http://www.welivesecurity.com/2015/12/22/manager-bikes-stolen-cycling-app-reveals-home-address/
• http://readwrite.com/2010/08/23/i_can_stalk_u_new_site_posts_exacts_locations_of_twitter_users_posting_geotagged_photos
• http://www.buzzfeed.com/jimwaterson/your-iphone-knows-exactly-where-youve-been-and-this-is-how-t#.wspQX53BD
• http://blog.ioactive.com/2014/05/glass-reflections-in-pictures-osint.html
SHARE LESS SURF MORE
• Do not publicly share information that is associated with security questions.
• Do not use geotags.
• Do not repeat a check-in or post a place you visit often on social media.
• Do not post pictures unnecessarily.
• Do not reply to mails or messages asking for a username, password or verification code.
• Accept that you are not lucky enough to win a lottery which you never applied for.
• Do not download apps such as fb+ or linkedin+ which are not from the creators.
• Do not challenge or boast on social media; there are many legends of the internet.
• Go enjoy your life and do not waste much on your virtual life.
ANY QUERIES?
THANKS
